Setting up automatic visits on top norwegian sites, and recording/detecting any malware in play.

CC2ASN database: a kind of inverse ip-to-country lookup service. We have blogged about this on two occations; http://www.honeynor.no/2009/06/19/country-lookup/ and http://www.honeynor.no/2010/03/23/enhanced-cc2asn/. The override definition file for the enhanced database are being reviewed and updated.

FINDINGS

SIP honeypot

The same attacks are present, but also botnets are starting to use SIPVicious and other tools.